Bỏ qua đến nội dung chính
Back to home
Tech AI 2 min read

Windows Defender zero-day patch could allow attackers to fill hard disk

A security patch for a Windows Defender zero-day vulnerability is causing controversy as it potentially allows attackers to fill up users' hard drive capacity.

Tier 1 · sources 60% confidence Reviewed
Sources arstechnica.com

According to a report from Ars Technica, the feud and technical dispute between the security research group NightmareEclipse and Microsoft shows no signs of resolving soon. The issue stems from the very patch designed to fix a zero-day security vulnerability in Windows Defender, the default antivirus tool for the Windows operating system.

Detailed Developments

The incident began when researchers discovered that Microsoft's latest zero-day patch for Windows Defender contained another critical security flaw. Instead of protecting the system, this patch vulnerability can be exploited by attackers to continuously write junk files to the system. This process occurs silently until the target device's hard drive space is completely filled, causing system freezing.

Background & Causes

The cause of the incident stems from a deep disagreement between NightmareEclipse and Microsoft's security team regarding the patching methodology. The research group claims that Microsoft rushed to release the fix without thoroughly testing the side effects. This is not the first time emergency security patches from the American tech giant have suffered from system resource control issues.

Technical & Technology Analysis

Technically, Windows Defender's scanning mechanism after applying the patch was manipulated to generate massive log and temporary files without automatic deletion. Attackers can trigger this process remotely by sending specially crafted packets or bait files, forcing the scanning tool to repeatedly write data to the operating system partition (typically the C: drive) until the system reports an out-of-cache error.

Expert Opinions & Assessments

Independent cybersecurity experts note that this is a concerning vicious cycle of patching. The fact that a zero-day patch creates a local denial-of-service (DoS) vulnerability shows that time pressure has impacted the quality of source code testing at Microsoft. Users are currently advised to proactively monitor their disk space.

Impact & Future

This incident directly affects millions of personal and enterprise Windows users who rely entirely on Windows Defender. Without a prompt and thorough fix, Microsoft's credibility in handling zero-day vulnerabilities will be severely diminished. Readers should stay tuned to the latest security updates to avoid being affected.